Amendments to the Claims 

Claims 1-35 (cancelled). 

36. (currently amended) A method of applying an operation access privilege to at 
least a logical portion of a logical storage medium in communication with a computer, the 
method comprising the steps of: 

(a) providing an operation access privilege indicative of at least one of an enabled 
operation and/or a restricted operation to be performed on at least one logical portion of a 
logical storage medium; 

(b) associating said operation access privilege with at least one logical portion of 
said logical storage medium; 

(c) intercepting in a trap layer an attempted operation on said at least one logical 
portion identified by at least one data identifie r, wherein said intercepting occurs regardless of 
an identity of a user attempting said attempted operation, and transparently to the user and 
transparently to a computer application invoking said operation ; and 

(d) at least one of allowing said attempted operation if matching said enabled 
operation, modifying and allowing said modified attempted operation, and/or denying said 
attempted operation if matching said restricted operation. 

37. (previously presented) The method as defined in claim 36, wherein said at 
least one logical portion of said logical storage medium comprises at least one of a volume, a 
partition, a directory, a special file, and/or a file. 

38. (previously presented) The method as defined in claim 36, wherein said at 
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least one logical portion of said logical storage medium comprises an entire logical storage 
medium. 



39. (previously presented) The method as defined in claim 36, wherein said at 
least one data identifier comprises at least one of a file name, a file mask, a special file, and/or 
a directory. 

40. (previously presented) The method as defined in claim 36, wherein said 
operations comprise at least one of reading, executing, appending, creating new objects, 
deleting, renaming, moving, overwriting, modifying attributes, and/or modifying data object 
security. 

41 . (previously presented) The method as defined in claim 36, further comprising: 
(e) applying a plurality of operation access privileges to said at least one data 

identifier. 

42. (previously presented) The method as defined in claim 36, further comprising: 
(e) applying a plurality of operation access privileges to said logical portion of 

said logical storage medium. 

43. (previously presented) The method as defined in claim 36, further comprising: 
(e) applying said operation access privilege to said logical storage medium 

wherein said logical storage medium is itself a logical portion of another logical storage 
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medium, and wherein a logical portion of said another logical storage medium is specified by 
at least one data identifier. 

44. (previously presented) The method as defined in claim 43, wherein said at 
least one data identifier comprises a free space portion. 

45. (previously presented) The method as defined in claim 43, wherein said at 
least one data identifier comprises newly created data. 

46. (currently amended) A system for applying an operation access privilege to at 
least a logical portion of a logical storage medium in communication with a computer, the 
system comprising: 

providing means for providing an operation access privilege indicative of at least one 
of an enabled operation and/or a restricted operation to be performed on at least a logical 
portion of a logical storage medium; 

associating means for associating said operation access privilege with at least one 
logical portion of said logical storage medium; 

interception means for intercepting in a trap layer an attempted operation on said at 
least one logical portion identified by at least one data identifie r, wherein said interception 
means performs regardless of an identity of a user attempting said attempted operation, and 
transparently to the user and transparently to a computer application invoking said operation : 
and 

at least one of allowing means for allowing said attempted operation if matching said 
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enabled operation, modifying and allowing means for modifying and allowing said modified 
attempted operation, and/or denial means for denying said attempted operation if matching 
said restricted operation. 

47. (previously presented) The system as defined in claim 46, wherein said at least 
one logical portion of said logical storage medium comprises at least one of a volume, a 
partition, a directory, a special file, and/or a file. 

48. (previously presented) The system as defined in claim 46, wherein said at least 
one logical portion of said logical storage medium comprises an entire logical storage 
medium. 

49. (previously presented) The system as defined in claim 46, wherein said at least 
one data identifier comprises at least one of a file name, a file mask, a special file, and/or a 
directory. 

50. (previously presented) The system as defined in claim 46, wherein said 
operations comprise means for at least one of reading, executing, appending, creating new 
objects, deleting, renaming, moving, overwriting, modifying attributes, and/or modifying data 
object security. 

51 . (previously presented) The system as defined in claim 46, further comprising: 
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means for applying a plurality of operation access privileges to said at least one data 
identifier. 

52. (previously presented) The system as defined in claim 46, further comprising: 
means for applying a plurality of operation access privileges to said portion of said 

logical storage medium. 

53. (previously presented) The system as defined in claim 46, further comprising: 
means for applying said operation access privilege to said logical storage medium 

wherein said logical storage medium is itself a logical portion of another logical storage 
medium, and wherein a logical portion of said another logical storage medium is specified by 
at least one data identifier. 

54. (previously presented) The system as defined in claim 46, wherein said at least 
one data identifier comprises a free space portion. 

55. (previously presented) The system as defined in claim 46, wherein said at least 
one data identifier comprises newly created data. 

56. (currently amended) A computer program product embodied on a computer 
readable media wherein the computer program product comprises logic which when executed 
performs the following method of applying an operation access privilege to at least a logical 
portion of a logical storage medium in communication with a computer, the method 
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comprising the steps of: 

(a) providing an operation access privilege indicative of at least one of an enabled 
operation and/or a restricted operation to be performed on at least a logical portion of a 
logical storage medium; 

(b) associating said operation access privilege with at least one logical portion of 
said logical storage medium; 

(c) intercepting in a trap layer an attempted operation on said at least one logical 
portion identified by at least one data identifie r, wherein said intercepting occurs regardless of 
an identity of a user attempting said attempted operation, and transparently to the user and 
transparently to a computer application invoking said operation : and 

(d) at least one of allowing said attempted operation if matching said enabled 
operation, modifying and allowing said modified attempted operation, and/or denying said 
attempted operation if matching said restricted operation. 

57. (previously presented) The computer program product as defined in claim 56, 
wherein said at least one logical portion of said logical storage medium comprises at least one 
of a volume, a partition, a directory, a special file, and/or a file. 

58. (previously presented) The computer program product as defined in claim 56, 
wherein said at least one logical portion of said logical storage medium comprises an entire 
logical storage medium. 

59. (previously presented) The computer program product as defined in claim 56, 
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wherein said at least one data identifier comprises at least one of a file name, a file mask, a 
special file, and/or a directory. 

60. (previously presented) The computer program product as defined in claim 56, 
wherein said operations comprise at least one of reading, executing, appending, creating new 
objects, deleting, renaming, moving, overwriting, modifying attributes, and/or modifying data 
object security. 

61 . (previously presented) The computer program product as defined in claim 56, 
wherein the method further comprises: 

(e) applying a plurality of operation access privileges to said at least one data 
identifier. 

62. (previously presented) The computer program product as defined in claim 56, 
wherein the method further comprises: 

(e) applying a plurality of operation access privileges to said portion of said 
logical storage medium. 

63. (previously presented) The computer program product as defined in claim 56, 
wherein the method further comprises: 

(e) applying said operation access privilege to said logical storage medium 
wherein said logical storage medium is itself a logical portion of another logical storage 
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medium, and wherein a logical portion of said another logical storage medium is specified by 
at least one data identifier. 

64. (previously presented) The computer program product as defined in claim 56, 
wherein said at least one data identifier comprises a free space portion. 

65. (previously presented) The computer program product as defined in claim 56, 
wherein said at least one data identifier comprises newly created data. 

66. (previously presented) The method according to claim 36, wherein said 
operation access privilege comprises a file input/output (I/O) operation access privilege. 

67. (New) A method of applying an operation access privilege to a logical storage 
medium in a file system, comprising: 

(a) providing an operation access privilege indicative of at least one of an enabled 
operation and/or a restricted operation to be performed on at least one portion of the logical 
storage medium; 

(b) associating said operation access privilege with said at least one portion of said 
logical storage medium; 

(e) intercepting in a trap layer an attempted operation on said at least one portion; 

and 

(f) passing said attempted operation to said file system if said attempted operation 
matches said enabled operation. 
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68. (New) The method of Claim 67, further comprising: 

modifying said attempted operation if said attempted operation does not match said 
enabled operation or said attempted operation matches said restricted operation; and 
passing said modified attempted operation to said file system. 

69. (New) The method of Claim 67, further comprising denying said attempted 
operation at said trap layer if said attempted operation matches said restricted operation. 

70. (New) The method of Claim 67, further comprising denying said attempted 
operation at said trap layer if said attempted operation does not match said enabled operation. 
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